15 
CLAIMS 



1. A method of validatiDg software code provided to a user entity by a software 
provider^ wherein: 

5 - the user entity encrypts first data, provides it to the software provider, and receives 
back a valid indication that the code is valid only if ttie software provider has been 
able to correctly decrypt the encrypted first data, such decryption only being 
possible using an appropriate decryption key provided by a party with rights in the 
software code; 

10 - the user entity encrypts the first data using, as encryption parameters, both an 

encryption key string comprising said software code or a representation thereof, 

and public data of said party; 
- the said appropriate decryption key is provided by said party to the softwjne 

provider only if the software code provided to the user entity is valid, generation' of 
1 5 this key by the party using both private data related to said public data, and the 

encryption key string or a corresponding reference string based on a reference 

version of the software code. 



2. A method according to claim 1, wherein the first data is a nonce. 

20 

3. A method according to claim 1» wherein said valid indication that the code is valid 
is said first data correctly decrypted from the encrypted first data. 



4. A method according to claim 1, wherein said party receives the encryption key via 
25 the software provider and uses it to carry out at least one validation check of the 
software code provided to the user entity; the party also using the received encryption 
key string, together with said private data, to generate the said ^propriate decryption 
key with the proviso that the decryption key is only generated or only provided to Ihe 
software provider, if the or each validation check is satisfactory. 



30 
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5. A method according to claim 4, wherein said at least one validation check 
comprises at least one of: 

- a check on the integrity of the software code; 

- a check on the right of the software provider to provide the software code to the 
5 user entity. 

6. A method according to claim 4, wherein the encryption key string further 
comprises second data. 

10 7. A method according to claim 6, wherein the second data is a random number. 

8- A method according to claim 1, wherein said party is arranged to derive a 
decryption key using said reference string and said private data, whereby this key only 
serves as said appropriate decryption key if the software code provided to the user 
1 5 entity is the same as said reference version. 

9. A method according to claim 8, wherein the encryption key string ftirtfaer 
comprises second data^ the second data being provided to said party which uses it, 
together with tiie reference version of the software code or a representation thereof, to 
20 generate the decryption key. 

10- A method according to claim 9, wherein the second data is a random number. 

11. A computer system comprising firsts second and third computing entities, 
25 wherein: 

- the first computing entity is arranged to receive software code from Ae second 
computing entity and to encrypt a first data set using, as encryption parameters^ 
both an encryption key string comprising a second data set corresponding to the 
software code provided by the second computing entity or a representation of that 

30 code, and public data of a party having rights in the software code; the first 

computing entity being fiirther arranged to provide the encrypted first data set to 
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the second computing entity whereby to receive back a valid mdication that the 
code is valid only if the second computing entity is able to correctly decrypt the 
encrypted first data, such decryption only being possible using an appropriate 
decryption key provided by the third computing entity; 
5 - the third computing entity is associated wiib said party having rights in the 
software code and is arranged to provide the said appropriate decryption key to the 
second conqputing entity only if the software code provided to the first coixq>uting 
entity is valid, the third computing entity beii^ arranged to generate this key using 
both private data related to said public data, and &e encryption key string or a 
1 0 corresponding reference string based on a reference version of the software code. 

12* A computer system according to claim 1 1, wherein the first data set is a nonce. 

13. A computer system according to claim 1 1, wherein the second computing entity is 
1 5 arranged to operate a web site aad to provide said software code via the web site. 

14. A computer system according to claim 11, wherein said party is the software 
producer. 

20 15. A con^uter system according to claim II, wherein the encryption key string 
further comprises a third data set. 

16. A computer system according to claim 15, wherein the third data set is a random 
number. 

25 

17. A computer system according to claim 15, wherein the third computing entity is 
arranged to derive a decryption key using said reference string and said private data 
whereby this key only serves as said appropriate decryption key if the software code 
provided to the first computiag entity is the same as said reference version, the third 

30 computing entity being arranged to receive the third data set from the second 



18 

computing entity and to fonn said reference string using the received third data set and 
the reference version of the software code or a representation thereof. 

18. A computer system according to claim 11, wherein die third computing entity is 
5 arranged to receive said encryption key string via the second computing entity and to 
use it to carry out validation of the software code provided to the first computing 
entity, the third computing entity being arranged to derive the decryption key using 
said encryption key string and/or to provide the deciyption key to the second 
computing entity, only after satisfactory validation of the software code whereby the 
10 decryption key, if provided to the second computing entity, is said appropriate 
deciyption key. 

19- A computer system according to claim 18, wherein the third computing entity is 
arranged to carry out validation of the software code by checking at least one of: 
15 - the integrity of the software code; 

- the right of the second computing entity to provide the software code to the first 
computing entity. 

20. A computer system comprising a first computer entity for deriving an enciyption 
20 key string using a first data set corresponding to software code or a representation of 

software code provided by a second computer entity and encrypting a second data set 
with the encryption key string; conununication means for providing the encrypted 
second data set to the second computer entity; wherein a third computer entity 
associated with a third party having ri^ts in the software code is arranged to provide 
25 to the second computer entity a deciyption key derived tising the first data set to aUow 
decryption of the encrypted second data set. 

21. A computer system according to claim 20, wherein the commtmication means 
provides the enciyption key string to the third computer entity to allow validation of 

30 the first data set. 
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22. A computer system according to claim 21, wherein the third computer entity 
provides the decryption key to the second computer ratity on validation of the first 
data set. 

5 23. Apparatus comprising: 

- first means for downloading software code over a network from a software 
provider, 

- second means for encrypting first data using both public data of a party with rights 
in the software, and an encryption key string comprising said software code or a 

1 0 representation thereof; 

- third means for providing the encrypted first data and said encryption key string to 
the software provider; 

~ fourth means for receiving back third data from the software provider, and 

- fifOi means for comparing the third data with the first data, and for g^erating an 
1 5 indication that the software code is valid if the first and third data match. 

24. Apparatus according to claim 23, wherein tiae first data is a nonce. 

25- Apparatus according to claim 23, wherein the encryption key string finther 
20 comprises at least one of a random number and a time indication. 

26. A computer program product arranged to condition computing apparatus, when 
installed thereon, to provide: 

' means for encrypting first data using both an encryption key string comprising 
25 software code downloaded by the apparatus from a software provider or a 
representation of that code, and public data of a party with rights in the software 
code; 

- means for providing the encrypted first data and said encryption key string to the 
software provider; 

30 - means for receiving back third data from the software provider, and 
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means for comparing the third data with the first data, and for generating 
indication that the software code is valid if the first and third data match. 



